9341 matches found

Tenable Nessus
added 2016/04/14 12:0 a.m. | 78 views

Amazon Linux AMI : php56 / php55 (ALAS-2016-685)

A stack overflow vulnerability was reported that may occur when decompressing tar archives due to phar_tar_writeheaders() potentially copying non-terminated linknames from entries parsed by phar_parse_tarfile(). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

CVSS 10 | AI score 8 | EPSS 0.10997
Exploits 1 | References 2

Tenable Nessus
added 2016/04/07 12:0 a.m. | 39 views

Amazon Linux AMI : libssh2 (ALAS-2016-683)

A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. (C) Tenable Network Security, Inc. Th...

CVSS 5.9 | AI score 6.4 | EPSS 0.02697
Exploits 0 | References 2

Tenable Nessus
added 2016/04/07 12:0 a.m. | 50 views

Amazon Linux AMI : openssl098e (ALAS-2016-682) (DROWN)

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293) It was...

CVSS 5.9 | AI score 6.9 | EPSS 0.82112
Exploits 2 | References 6

Tenable Nessus
added 2016/04/01 12:0 a.m. | 95 views

Amazon Linux AMI : openssh (ALAS-2016-675)

An access flaw was discovered in the OpenSSH client where it did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, eve...

CVSS 9.8 | AI score 7 | EPSS 0.13736
Exploits 0 | References 2

Tenable Nessus
added 2016/04/01 12:0 a.m. | 40 views

Amazon Linux AMI : tomcat7 (ALAS-2016-680)

ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web...

CVSS 8.8 | AI score 7.1 | EPSS 0.1838
Exploits 0 | References 6

Tenable Nessus
added 2016/04/01 12:0 a.m. | 30 views

Amazon Linux AMI : GraphicsMagick (ALAS-2016-678)

An out-of-bounds read flaw was found in the parsing of GIF files using GraphicsMagick. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2016-678. include("compat.inc"); if (description) { script_id(90271);...

CVSS 5.5 | AI score 6.1 | EPSS 0.01541
Exploits 0 | References 2

Tenable Nessus
added 2016/04/01 12:0 a.m. | 33 views

Amazon Linux AMI : mod_dav_svn / subversion (ALAS-2016-676)

It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187) An integer overflow wa...

CVSS 9 | AI score 7.5 | EPSS 0.57037
Exploits 0 | References 5

Tenable Nessus
added 2016/04/01 12:0 a.m. | 26 views

Amazon Linux AMI : java-1.8.0-openjdk / java-1.7.0-openjdk (ALAS-2016-677)

An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI...

CVSS 9.3 | AI score 7.6 | EPSS 0.05765
Exploits 0 | References 2

Tenable Nessus
added 2016/04/01 12:0 a.m. | 31 views

Amazon Linux AMI : samba (ALAS-2016-674)

A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon...

CVSS 6.5 | AI score 6.4 | EPSS 0.12701
Exploits 0 | References 2

Tenable Nessus
added 2016/04/01 12:0 a.m. | 55 views

Amazon Linux AMI : tomcat8 (ALAS-2016-679)

ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt other web...

CVSS 8.8 | AI score 7.1 | EPSS 0.13075
Exploits 0 | References 6

Tenable Nessus
added 2016/04/01 12:0 a.m. | 35 views

Amazon Linux AMI : tomcat6 (ALAS-2016-681)

A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or...

CVSS 8.8 | AI score 7.1 | EPSS 0.1838
Exploits 0 | References 5

OpenVAS
added 2016/03/31 12:0 a.m. | 46 views

Amazon Linux: Security Advisory (ALAS-2016-675)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 9.6 | EPSS 0.13736
Exploits 0 | References 2

OpenVAS
added 2016/03/31 12:0 a.m. | 31 views

Amazon Linux: Security Advisory (ALAS-2016-676)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9 | AI score 7.9 | EPSS 0.57037
Exploits 0 | References 2

OpenVAS
added 2016/03/31 12:0 a.m. | 20 views

Amazon Linux: Security Advisory (ALAS-2016-677)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.3 | AI score 8.4 | EPSS 0.05765
Exploits 0 | References 2

OpenVAS
added 2016/03/31 12:0 a.m. | 31 views

Amazon Linux: Security Advisory (ALAS-2016-678)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.5 | AI score 5.9 | EPSS 0.01541
Exploits 0 | References 2

OpenVAS
added 2016/03/31 12:0 a.m. | 72 views

Amazon Linux: Security Advisory (ALAS-2016-681)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.8 | AI score 7.4 | EPSS 0.1838
Exploits 0 | References 2

OpenVAS
added 2016/03/31 12:0 a.m. | 48 views

Amazon Linux: Security Advisory (ALAS-2016-680)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.8 | AI score 7.4 | EPSS 0.1838
Exploits 0 | References 2

OpenVAS
added 2016/03/31 12:0 a.m. | 22 views

Amazon Linux: Security Advisory (ALAS-2016-672)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 10 | AI score 9.5 | EPSS 0.18808
Exploits 0 | References 2

OpenVAS
added 2016/03/31 12:0 a.m. | 23 views

Amazon Linux: Security Advisory (ALAS-2016-674)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.5 | AI score 6.8 | EPSS 0.12701
Exploits 0 | References 2

OpenVAS
added 2016/03/31 12:0 a.m. | 30 views

Amazon Linux: Security Advisory (ALAS-2016-679)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.8 | AI score 7.4 | EPSS 0.13075
Exploits 0 | References 2